Report to Educate Application Security Practitioners on Serverless Application Risks and Mitigation Techniques
Baltimore, Maryland – The Open Web Application Security Project (OWASP) released today the official OWASP Serverless Top 10 project initiated by Protego Labs. The project launch begins with a provisional report designed to be a first look into the leading risks in serverless security and to serve as a baseline for the official OWASP Serverless Top 10.
The OWASP Top 10 is the de facto guide for application security practitioners to understand the most common application attacks and risks. Its data spans vulnerabilities gathered from hundreds of organizations and over 100,000 real-world applications and APIs. The Top 10 items are selected and prioritized according to this data, in combination with consensus estimates of exploitability, detectability, and impact, to provide The Ten Most Critical Web Application Security Risks.
“Since serverless applications are vastly different, security risks have changed,” said Tal Melamed, project leader. “With serverless, hackers must try different vectors and approaches for attacks; developers cannot employ traditional perimeter protections and need to change their way of thinking, as almost none of the mitigations suggested for traditional applications would fit in the serverless world, which is why we’re working on the OWASP serverless Top 10 project.”
Similar to the OWASP Top 10, the final Serverless Top 10 will be based on data collected from real industry input through an open call. The OWASP Serverless Top 10 is the first and only OWASP report that examines the main risks in serverless security. It also serves as a baseline for creating the official OWASP Serverless Top 10 security risks to educate organizations about the unique security landscape of serverless applications.
Protego is backed by a group of security industry investors, including Ron Gula of Gula Tech Adventures, Glilot Capital Partners, and former RSA CTO, Tim Belcher. Earlier this year, Protego won the Startup Competition for the most innovative cyber initiative at the Cybertech Tel Aviv 2018 Conference. Additionally, Protego is currently nominated for Best Cybersecurity Startup in the Cyber Excellence Awards, and was listed as a 2019 company to watch by SD Times.
Recognizing the inadequacy of traditional application security paradigms, Protego Labs designed the first comprehensive solution built with the unique constraints and opportunities of serverless in mind. Through continuous serverless security posture, dynamic serverless intelligence, and elastic defense, Protego helps organizations achieve control over the security of their applications. For more information, visit http://www.protego.io.
OWASP is a worldwide free and open community focused on improving the security of application software. There are over 200 OWASP Local Chapters worldwide that are free and open to anyone to attend. OWASP tools and documents can be used to detect and to guard against security-related design and implementation flaws, as well as to add security-related activities into your Software Development Life Cycle (SDLC). For additional detail about OWASP, leadership, and corporate details, visit https://www.owasp.org.